WatchGuard Firebox OS forced to patch worrying security flaw, so update now

• WatchGuard patches critical RCE flaw (CVE‑2025‑14733) in Firebox firewalls, being actively exploited in the wild
• CISA added it to KEV; federal agencies must patch or stop use by December 26
• Workarounds include disabling dynamic peer BOVPNs and tightening firewall policies until fixes are applied

WatchGuard has patched a critical-severity zero-day vulnerability in its Firebox firewalls, and urged all users to apply the fix immediately.

In a new security advisory, the company said firewalls running Fireware OS 11.x and later, 12.x and later, and 2025.1 up to (and including) 2025.1.3, contained an out-of-bounds write vulnerability that allowed unauthenticated attackers to execute arbitrary code, remotely (RCE). This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

The flaw is now tracked as CVE-2025-14733, and was given a ...